﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace Http
{

    /// <summary>
    /// Summary description for UrlHandler
    /// </summary>
    public class UrlHandler
    {
        public UrlHandler()
        {
            //
            // TODO: Add constructor logic here
            //
        }

        public void ValidateUrl()
        {
            //URL validation 
            //check for ".." escape characters commonly used by hackers to traverse the folder tree on the server
            //the application should always use the exact relative location of the resource it is requesting
        string strURL = System.Web.HttpContext.Current.Request.Url.AbsolutePath ;
        } //eof 

            
            //Dim strDoubleDecodeURL As String = Server.UrlDecode(Server.UrlDecode(Request.RawUrl))
            //If Regex.Match(strURL, "[\\/]\.\.[\\/]").Success Or Regex.Match(strDoubleDecodeURL, "[\\/]\.\.[\\/]").Success Then
            //    Throw New HttpException(404, "Not Found")
            //End If
    } //eof 
} //eof namespace Http